Working on individual modules

2021-03-10 18:00:51 -05:00
parent 09f5098b39
commit 39c2aead8a
6 changed files with 159 additions and 0 deletions
--- a/admin/documentation/.setup_server.txt.kate-swp
+++ b/admin/documentation/.setup_server.txt.kate-swp
--- a/admin/documentation/gunicorn.service.default
+++ b/admin/documentation/gunicorn.service.default
@@ -0,0 +1,24 @@
+[Unit]
+Description=gunicorn daemon
+Requires=gunicorn.socket
+After=network.target
+
+[Service]
+Type=notify
+# the specific user that our service will run as
+User=root
+Group=root
+# another option for an even more restricted service is
+# DynamicUser=yes
+# see http://0pointer.net/blog/dynamic-users-with-systemd.html
+RuntimeDirectory=gunicorn
+WorkingDirectory=/srv/http/dev_fastapi.oneskyit.com
+Environment="PATH=/srv/http/dev_fastapi.oneskyit.com/environment/bin"
+ExecStart=/srv/http/dev_fastapi.oneskyit.com/environment/bin/gunicorn --bind unix:/srv/http/dev_fastapi.oneskyit.com/gunicorn.sock -m 007 app.main:app --workers 4 -k uvicorn.workers.UvicornWorker --access-logfile admin/log/access.log --error-logfile admin/log/error.log, --log-file admin/log/log.log --capture-output --keep-alive 5
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=mixed
+TimeoutStopSec=5
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
--- a/admin/documentation/gunicorn.socket.default
+++ b/admin/documentation/gunicorn.socket.default
@@ -0,0 +1,14 @@
+[Unit]
+Description=gunicorn socket
+
+[Socket]
+ListenStream=/run/gunicorn.sock
+# Our service won't need permissions for the socket, since it
+# inherits the file descriptor by socket activation
+# only the nginx daemon will need access to the socket
+User=http
+# Optionally restrict the socket permissions even more.
+# Mode=600
+
+[Install]
+WantedBy=sockets.target
--- a/admin/documentation/nginx_fastapi_server.example.default
+++ b/admin/documentation/nginx_fastapi_server.example.default
@@ -0,0 +1,85 @@
+server {
+  access_log  /var/log/nginx/access_dev_fastapi.oneskyit.com.log;
+
+  listen 443 ssl; # managed by Certbot
+  listen [::]:443 ssl http2; # managed by Certbot
+  #listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
+  server_name dev-fastapi.oneskyit.com;
+
+  ssl_certificate /etc/letsencrypt/live/oneskyit.com-0001/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/oneskyit.com-0001/privkey.pem; # managed by Certbot
+
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+  #add_header Alt-Svc 'quic=":443"'; # Advertise that QUIC is available
+  #add_header QUIC-Status $quic;     # Sent when QUIC was used
+
+  include brotli.conf;
+  include gzip.conf;
+
+  client_max_body_size 4096M; # or 4G
+
+  location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_redirect off;
+        proxy_buffering off;
+
+        proxy_pass http://unix:/run/gunicorn.sock;
+  }
+
+  location /ws {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_http_version 1.1;
+
+        proxy_redirect off;
+        proxy_buffering off;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        #proxy_read_timeout 600;
+        #proxy_headers_hash_max_size 1024;
+
+        proxy_pass http://unix:/run/gunicorn.sock;
+  }
+
+  location /ws_redis {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_http_version 1.1;
+
+        proxy_redirect off;
+        proxy_buffering off;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        #proxy_read_timeout 600;
+        #proxy_headers_hash_max_size 1024;
+
+        proxy_pass http://unix:/run/gunicorn.sock;
+  }
+}
+
+server {
+  if ($host = dev-fastapi.oneskyit.com) {
+    return 301 https://$host$request_uri;
+  } # managed by Certbot
+
+  listen 80;
+  listen [::]:80;
+  server_name dev-fastapi.oneskyit.com;
+  return 404; # managed by Certbot
+}
--- a/admin/documentation/run
+++ b/admin/documentation/run
@@ -42,3 +42,7 @@ git branch new-branch-name

 # Switch branch
 git switch new-branch-name
+
+
+# Clone from Bitbucket:
+git clone https://scott_idem@bitbucket.org/oneskyit/one-sky-it-api-fastapi.git /srv/http/the_path_to_create
--- a/admin/documentation/setup_server.txt
+++ b/admin/documentation/setup_server.txt
@@ -0,0 +1,32 @@
+sudo git clone https://scott_idem@bitbucket.org/oneskyit/one-sky-it-api-fastapi.git /srv/http/dev_fastapi.oneskyit.com
+
+sudo ls -lha /srv/http/
+sudo chown http:http -R /srv/http/dev_fastapi.oneskyit.com/
+sudo chmod 775 -R /srv/http/dev_fastapi.oneskyit.com/
+sudo ls -lha /srv/http/
+
+cd /srv/http/dev_fastapi.oneskyit.com/
+rm .gitignore
+
+git branch -a
+git switch development
+
+virtualenv environment
+source environment/bin/activate
+pip install -U -r admin/requirements.txt
+
+sudo vim /etc/systemd/system/gunicorn.socket
+sudo vim /etc/systemd/system/gunicorn.service
+sudo systemctl daemon-reload
+sudo systemctl enable gunicorn.socket
+sudo systemctl start gunicorn.socket
+sudo systemctl status gunicorn.socket
+
+???sudo systemctl enable gunicorn.service???
+???sudo systemctl start gunicorn.service???
+
+sudo vim /etc/nginx/sites-available/dev_fastapi.oneskyit.com
+sudo ln -s /etc/nginx/sites-available/dev_fastapi.oneskyit.com /etc/nginx/sites-enabled/dev_fastapi.oneskyit.com
+
+sudo systemctl restart nginx.service
+sudo systemctl status nginx.service